[arch-commits] Commit in polipo/trunk (PKGBUILD polipo.install polipo.service)

2014-04-10 Thread Daniel Micay
Date: Friday, April 11, 2014 @ 05:10:46
  Author: thestinger
Revision: 109171

let polipo log to stderr (the journal)

There's no need to create another unstructured log file in /var/log, and it was
world-readable which was a privacy leak. Polipo also has support for logging
via syslog, which would also go to the journal, but appears to be buggy
(formatted port numbers incorrectly).

Modified:
  polipo/trunk/PKGBUILD
  polipo/trunk/polipo.install
  polipo/trunk/polipo.service

+
 PKGBUILD   |2 +-
 polipo.install |3 +--
 polipo.service |3 +--
 3 files changed, 3 insertions(+), 5 deletions(-)

Modified: PKGBUILD
===
--- PKGBUILD2014-04-11 03:01:08 UTC (rev 109170)
+++ PKGBUILD2014-04-11 03:10:46 UTC (rev 109171)
@@ -18,7 +18,7 @@
 source=(http://freehaven.net/~chrisd/polipo/polipo-$pkgver.tar.gz;
 polipo.service)
 md5sums=('bfc5c85289519658280e093a270d6703'
- '143ef45db99dc745b6c3a606847be9fe')
+ 'db95d3ac8e571dcb81c02fbb6600ba28')
 
 build() {
   cd $srcdir/$pkgname-$pkgver

Modified: polipo.install
===
--- polipo.install  2014-04-11 03:01:08 UTC (rev 109170)
+++ polipo.install  2014-04-11 03:10:46 UTC (rev 109171)
@@ -7,8 +7,7 @@
 install-info $infodir/$file $infodir/dir 2 /dev/null
   done
   install -d /var/cache/polipo 2 /dev/null
-  touch /var/log/polipo.log 2 /dev/null
-  chown -R nobody:nobody /var/cache/polipo /var/log/polipo.log 2 /dev/null
+  chown -R nobody:nobody /var/cache/polipo 2 /dev/null
 }
 
 post_upgrade() {
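Review bot: Machines upgraded from an earlier release keep the existing /var/log/polipo.log, still world-readable and still holding request history, because this hunk only stops creating the file. Since the commit message names that file as a privacy leak, the upgrade path should clean it up, for example `rm -f /var/log/polipo.log` in post_upgrade (or `chmod 600` if the history should be kept). The body of post_upgrade lies outside this hunk, so confirm it does not already do this.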

Modified: polipo.service
===
--- polipo.service  2014-04-11 03:01:08 UTC (rev 109170)
+++ polipo.service  2014-04-11 03:10:46 UTC (rev 109171)
@@ -3,8 +3,7 @@
 After=network.target
 
 [Service]
-Type=forking
-ExecStart=/usr/bin/polipo daemonise=true logFile=/var/log/polipo.log
+ExecStart=/usr/bin/polipo
 User=nobody
 
 [Install]
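Review bot: Dropping the command-line overrides means `ExecStart=/usr/bin/polipo` now takes `daemonise` and `logFile` from whatever the local polipo configuration contains. If an admin's config sets `daemonise = true` or a `logFile`, the process would presumably fork away under the now-default service type, or keep writing the file log this commit is meant to retire. Pinning the setting in the unit, `ExecStart=/usr/bin/polipo daemonise=false`, keeps the service behaviour independent of the config. Whether `logFile` also needs an explicit override depends on polipo's defaults, which this page does not show.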



[arch-commits] Commit in polipo/trunk (PKGBUILD polipo.install polipo.service)

2014-04-10 Thread Daniel Micay
Date: Friday, April 11, 2014 @ 05:50:44
  Author: thestinger
Revision: 109175

upgpkg: polipo 1.0.4.1-11

run as polipo:polipo, not nobody:nobody

Using the nobody user is insecure, because it makes the service vulnerable to
anything else running as the nobody user.

Modified:
  polipo/trunk/PKGBUILD
  polipo/trunk/polipo.install
  polipo/trunk/polipo.service

+
 PKGBUILD   |6 +++---
 polipo.install |   30 +-
 polipo.service |2 +-
 3 files changed, 33 insertions(+), 5 deletions(-)

Modified: PKGBUILD
===
--- PKGBUILD2014-04-11 03:34:30 UTC (rev 109174)
+++ PKGBUILD2014-04-11 03:50:44 UTC (rev 109175)
@@ -8,7 +8,7 @@
 
 pkgname=polipo
 pkgver=1.0.4.1
-pkgrel=10
+pkgrel=11
 pkgdesc=A small and fast caching web proxy.
 arch=('i686' 'x86_64')
 url=http://www.pps.jussieu.fr/~jch/software/polipo/;
@@ -19,7 +19,7 @@
 source=(http://freehaven.net/~chrisd/polipo/polipo-$pkgver.tar.gz;
 polipo.service)
 md5sums=('bfc5c85289519658280e093a270d6703'
- 'db95d3ac8e571dcb81c02fbb6600ba28')
+ 'bec010ab5e49e6bdb65a825f11333cfd')
 
 build() {
   cd $srcdir/$pkgname-$pkgver
@@ -45,7 +45,7 @@
   # install systemd service
   install -Dm 644 $srcdir/polipo.service 
$pkgdir/usr/lib/systemd/system/polipo.service
 
-  install -dm 700 $pkgdir/var/cache/polipo
+  install -dm 700 -o 185 -g 185 $pkgdir/var/cache/polipo
 }
 
 # vim:set ts=2 sw=2 et:
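Review bot: The numeric owner in `install -dm 700 -o 185 -g 185` only matches the service account if polipo really has uid/gid 185, and polipo.install does not guarantee that on a fresh install. `create_polipo_user` skips creation when `getent` already finds a polipo user or group, and post_install no longer chowns the directory, so a pre-existing account with another id leaves the mode-700 cache owned by an id the service does not run as. Running `chown -R polipo:polipo /var/cache/polipo` after `create_polipo_user` in post_install would close that gap. A comment on this line such as `# 185: fixed polipo uid/gid, must match polipo.install` would document the number. The enclosing function starts outside the hunk.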

Modified: polipo.install
===
--- polipo.install  2014-04-11 03:34:30 UTC (rev 109174)
+++ polipo.install  2014-04-11 03:50:44 UTC (rev 109175)
@@ -1,15 +1,37 @@
 infodir=/usr/share/info
 filelist=(polipo.info)
 
+create_polipo_user() {
+  getent group polipo /dev/null || groupadd -g 185 polipo /dev/null
+  getent passwd polipo /dev/null || useradd -u 185 -g polipo \
+  -d /var/cache/polipo \
+  -c 'Caching web proxy' \
+  -s /bin/nologin polipo /dev/null
+}
+
 post_install() {
   [ -x usr/bin/install-info ] || return 0
   for file in ${filelist[@]}; do
 install-info $infodir/$file $infodir/dir 2 /dev/null
   done
-  chown -R nobody:nobody /var/cache/polipo 2 /dev/null
+  create_polipo_user
 }
 
 post_upgrade() {
+  if [[ $(vercmp $2 1.0.4.1-11) -le 0 ]]; then
+echo Stopping polipo service in order to modify the user/group.
+systemctl stop polipo
+
+# in case the user/group were already created as recommended by the wiki
+userdel polipo /dev/null
+groupdel polipo /dev/null
+
+create_polipo_user
+chown -R 185:185 /var/cache/polipo
+
+echo You may now restart the polipo service.
+  fi
+
   post_install $1
 }
 
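Review bot: In post_install the new `create_polipo_user` call sits after the `[ -x usr/bin/install-info ] || return 0` guard, so when install-info is absent the function returns before the account is created. The unit, which the same commit switches to `User=polipo`, then cannot start. Move `create_polipo_user` to the first line of post_install, ahead of the guard. Separately, the migration test in post_upgrade uses `-le 0`, which also matches an upgrade from 1.0.4.1-11 itself and would stop the service and delete and recreate the account a second time. `-lt 0` with a quoted `"$2"` limits it to releases that predate the dedicated user.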
@@ -20,4 +42,10 @@
   done
 }
 
+post_remove() {
+  getent passwd polipo /dev/null  userdel polipo /dev/null
+  getent group polipo /dev/null  groupdel polipo /dev/null
+  true
+}
+
 # vim:set ts=2 sw=2 et:
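Review bot: post_remove deletes the account without first stopping the service, and userdel refuses to remove a user that still owns running processes. If polipo is running at removal time the user stays, the group deletion then fails because it is still that user's primary group, and the trailing `true` together with the discarded output hides both failures. Stopping the unit before the deletions, as post_upgrade does with `systemctl stop polipo`, would make the cleanup reliable. Cache files written at runtime under /var/cache/polipo are also left on disk owned by the now unassigned uid 185, which deserves at least a comment since they record browsing activity.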

Modified: polipo.service
===
--- polipo.service  2014-04-11 03:34:30 UTC (rev 109174)
+++ polipo.service  2014-04-11 03:50:44 UTC (rev 109175)
@@ -4,7 +4,7 @@
 
 [Service]
 ExecStart=/usr/bin/polipo
-User=nobody
+User=polipo
 
 [Install]
 WantedBy=multi-user.target
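Review bot: With the account now dedicated, the [Service] section still applies no sandboxing beyond `User=polipo`, so a compromised proxy process keeps the default filesystem view and can still execute setuid binaries. For a network-facing daemon that only needs its cache directory, `NoNewPrivileges=true` and `PrivateTmp=true` placed under `User=polipo` are low-risk additions. Test that cache writes to /var/cache/polipo still succeed with them enabled.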